From 6bf33ce507bb9d1a01f3712a23464d3a358388b0 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Tue, 19 Nov 2024 21:03:09 +0900
Subject: [PATCH] fortify: use resolved username

Signed-off-by: Ophestra Umiker
---
 main.go | 48 +++++++++++++++++++++++++++++++++++-------------
 1 file changed, 35 insertions(+), 13 deletions(-)

diff --git a/main.go b/main.go
index a4b8265..19f3feb 100644
--- a/main.go
+++ b/main.go
@@ -8,6 +8,7 @@ import (
 "os/user"
 "strconv"
 "strings"
+ "sync"
 "text/tabwriter"

 "git.ophivana.moe/security/fortify/dbus"
@@ -188,20 +189,41 @@ func main() {
 panic("unreachable")
 }

- // resolve home directory from os when flag is unset
+ // resolve home/username from os when flag is unset
+ var (
+ passwd *user.User
+ passwdOnce sync.Once
+ passwdFunc = func() {
+ var us string
+ if uid, err := os.Uid(aid); err != nil {
+ fmsg.Fatalf("cannot obtain uid from fsu: %v", err)
+ } else {
+ us = strconv.Itoa(uid)
+ }
+
+ if u, err := user.LookupId(us); err != nil {
+ fmsg.VPrintf("cannot look up uid %s", us)
+ passwd = &user.User{
+ Uid: us,
+ Gid: us,
+ Username: "chronos",
+ Name: "Fortify",
+ HomeDir: "/var/empty",
+ }
+ } else {
+ passwd = u
+ }
+ }
+ )
+
 if homeDir == "os" {
- var us string
- if uid, err := os.Uid(aid); err != nil {
- fmsg.Fatalf("cannot obtain uid from fsu: %v", err)
- } else {
- us = strconv.Itoa(uid)
- }
- if u, err := user.LookupId(us); err != nil {
- fmsg.VPrintf("cannot look up uid %s", us)
- homeDir = "/var/empty"
- } else {
- homeDir = u.HomeDir
- }
+ passwdOnce.Do(passwdFunc)
+ homeDir = passwd.HomeDir
+ }
+
+ if userName == "chronos" {
+ passwdOnce.Do(passwdFunc)
+ userName = passwd.Username
 }

 config.Confinement.AppID = aid
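Review bot: In the `user.LookupId` failure branch of `passwdFunc`, `err` is dropped from the message, and the run continues with a synthetic `user.User` (username `chronos`, home `/var/empty`, `Gid` set to the uid string) without recording why the lookup failed; include the cause, `fmsg.VPrintf("cannot look up uid %s: %v", us, err)`. If `VPrintf` is verbose-only, as its name suggests, the fallback identity is applied with no trace at default verbosity, so a non-verbose warning may be the better fit there. Separately, `if userName == "chronos"` uses the default value as the "flag unset" marker, so an explicit `chronos` on the command line would also be overwritten whenever the lookup succeeds; an empty-string default or a check that the flag was actually set would keep the two cases apart. The flag definitions and the rest of `main` lie outside the hunk, so the second point is inferred from the visible comparison only.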